Tag Archives: var-username

Protests or profiteering? Whether it’s Anonymous, the Cyber Caliphate or Cyber Berkut, the hack remains the same

“Hacktivism” has been around since the Cult of the Dead Cow in the 1980s; only the names have changed. Where we once heard about Chaos Computer Club and the Legion of Doom, we now have high-profile examples like Anonymous, Anti-Sec and Lulzsec. This is not a comparison – 35 years ago it was mostly demonstrations and denials of service. Now, attacks have become exponentially more intrusive and destructive. With this escalation in damages comes a new name. Cyber terrorism is a term that the media has been using quite frequently. There have also been countless articles on the so-called Cyber Caliphate, Cyber Berkut, and even various disparate groups of “cyber freedom fighters” around the world. Is changing “hacktivism” to “terrorism” the government and media’s way of upping the ante on hacking? Indeed, what is the difference between hacktivism and cyber terrorism, if there is one? After all, they both seek out pretty much the same targets. They both have a singular purpose, in its simplest definition – to cause damage to an entity, organisation or group. So what sets these two categories of hackers apart? Is the answer in their motivation? Can we really view one as “good,” and the other “bad”, or is it simply a matter of personal opinion? Anonymous Anonymous is a loose association of activist networks that has an informal and decentralised leadership structure. Beginning in 2003, on the bulletin board 4Chan, Anonymous began to recruit and train young people interested in hacking for a cause. Throughout the years, they have run cyber attacks, mostly distributed denial of service (DDoS) attacks, against the financial, healthcare, education, religious organisations, oil, gas and energy industries – pretty much everything. They have also earned a spot on that distinguished list of attackers who have targeted consumer electronics giant Sony. Anonymous has really changed the nature of protesting. In 2013, Time magazine listed it as one of the top 100 influential “people” in the world. Supporters have called the group “freedom fighters” and even compared them to a digital Robin Hood. Others, however, consider them little more than cyber terrorists. In the public’s eye, it depends on their motivation, following and targets. The bottom line: This could either be a case of malicious activity masked by political motivation, or pure malicious activity. Cyber Berkut Cyber Berkut is a modern group of hacktivists and claims its name from the Ukrainian special police force “Berkut”, formed in the early 1990s. This pro-Russian group made a name for itself by conducting DDoS attacks against the Ukrainian government and Western corporate websites conducting business in the region. The group has also been known to penetrate companies and attempting to retrieve sensitive data. Following a heist, they would post on public-facing pastebin sites or their own non-English website, which includes a section called “BerkutLeaks”. Cyber Berkut was most recently credited for attacks against the Chancellor of the German Government, NATO, Polish websites and the Ukrainian Ministry of Defence. The group has been compared to Anonymous based on its methods of protest and political targets. Viewed as passionate about its targets, Cyber Berkut has a clear agenda. However, the group’s ideology in no way diminishes the amount of intended damage that might be inflicted on potential victims. Cyber Caliphate Cyber Caliphate, as the name implies, is a hacker group that associates with the Islamist terrorist group ISIS. It has attacked many different government and private industry entities, and claims responsibility for multiple website defacements and data breaches. The group has hacked various websites and social media accounts, including those of military spouses, US military command, Malaysia Airlines, Newsweek and more. Indeed, Cyber Caliphate is hungry for media attention. This raises the question: does Cyber Caliphate believe in its stated cause, or is this just opportunistic hacking under the cover of a cause for media attention? What if the group is just looking for fame and fortune? What if the group is not a group at all, but the work of one or two people collaborating with different contributors for specific targets? Motive doesn’t matter Is this really cyber terrorism, hacktivism or just another set of hackers trying to get famous by jumping on the media’s hot topic of the month? In some cases, it may seem romantic when people claim to be fighting for a cause – rather than more nefarious intent, or even just for a laugh. But the fact remains that cyber attacks are cyber attacks, whether they are motivated by politics, money or a distorted idea of fame. The key to fighting back – after ensuring that your organisation’s security is up to snuff – is threat intelligence. Threat intelligence gathering is the key to keeping up with the actions of these groups and their potential targets with impartial, straightforward news, gathered by specialists. Staying abreast of potential hacktivist attacks requires a proper investment in intelligence groups with the proper tools, people, processes and other resources to deliver up-to-date information. And not just about the groups, but the techniques they might be using. Information sharing among intelligence groups from different industries and countries also will help expedite the reverse engineering of malicious code and assist in the building of signature content and correlation logic that is deployed to our security technologies. So once attacks are observed globally, defences can be quickly built, detection logic integrated – and information disseminated to the security specialists on the front line who may be all that stands in the way of the kind of corporate meltdown that nearly sank Sony Pictures in December last year. Source: http://www.computing.co.uk/ctg/opinion/2414910/protests-or-profiteering-whether-its-anonymous-the-cyber-caliphate-or-cyber-berkut-the-hack-remains-the-same

See the original post:
Protests or profiteering? Whether it’s Anonymous, the Cyber Caliphate or Cyber Berkut, the hack remains the same

DDoS Attacks Target Financial Firms and Broker Dealers

FINRA memo June 19, 2015 announces: An increasing number of member firms have been subjected to DDoS attacks originating from a cyber-criminal group called DD4BC. The latest in ongoing efforts by cyber criminals to extort money and disrupt practices for online business. The cyber-crime group DD4BC is one of the most active at DDoS attacks on industry’s, asking for ransom payments in exchange for the return of website service. Many businesses do not understand what a DDoS attack is and how they occur. Nor, do they understand what to do if they become subject to an attack. Ransom demands for large firms can be several thousand if not hundreds of thousands of dollars in BitCoin. The danger in paying the ransom to DDoS blackmailers is that it encourages them to attack. In some cases the attackers will make repeated attacks and repeated blackmail demands. FINRA is notifying financial and securities firms to be on the lookout for these types of attacks and be prepared with a plan in place to mitigate damages and reduce business disruption. Attacks on FINRA Member firms and Financial Services The DDoS attacks FINRA is cautioning about render a website or network unavailable for its intended users by sending an overwhelming number of incoming messages to the website, causing the site to “fail to load” or show as “unsecure” when legitimate users try to access it. Cyber Crime Group DD4BC makes extortion demands on targeted systems The end goal for DD4BC criminals in these attacks is extortion. DD4BC criminals will first send a firm an email announcing their plan to target the website with a DDoS attack. They further state, the attack can be avoided by paying ransom in BitCoin. To prove they are serious, DD4BC initiates a minor attack, with a threat of more attacks if the ransom is not paid within 24 hours. A bounty on the DD4BC cyber crime group The Bitcoin community and other firms are fighting back. A recent threat to Bitalo.com (a bitcoin exchange firm) resulted in Bitalo offering a reward of 100 times the amount DD4BC had asked for. Other firms have also pledged “would be blackmailed” bitcoin rewards for information leading to the arrest and conviction of DD4BC criminals. What to do if faced with an attack: A firms first point of contact in the event of attack is the local FBI office, Cyber Crimes division. The FBI works diligently in tracking and capturing these cyber criminals. The earlier they have information about an attack, the better their chances are at locating the criminals and alerting other firms to danger. Additionally, FINRA is asking that financial firms notify the SEC and FINRA. They will use this information to identify the extent of industry attacks and help firms stop these crimes. Prepare in advance for an Attack: Most DDoS attacks start as a sharp spike in traffic. Familiarize yourself with typical inbound traffic statistics for your website by auto-generating reports to monitor traffic on a daily and weekly basis. Work with your website host to “overprovision” band-width for your website. This can often be done for very little additional cost. And, while it is not likely to prevent damage from an attack, it could add a few minutes of lead time. Also, many host companies can set up alerts to notify you if there is a sudden spike in band width usage. What is your response plan: Prevention is the best strategy. Have your system evaluated for best practices before an attack starts. If you need help there are DDoS mitigation firms that specialize in securing IT systems to detect, monitor, and block attacks. Determine where your system is weak and make changes to improve security. Have a contingency plan in place to reach customers if the firm’s website is unavailable. Alternative communication methods include customer service phone support and cloud based communication portals. Maintain email and VOIP phone service on a different server than your website. DDoS attacks tend to cripple everything on the server. Segregating digital data through separate network connection hosts adds a layer of protection for confidential email lists and customer data. What to do if you are under attack: Call your website hosting company or ISP to let them know of what’s happening. They may be able to make routing adjustments to your traffic and prevent malicious traffic from making it in to your website. DDoS mitigation and monitoring services can also provide assistance. If needed, website hosts and ISP’s can direct you to a company that specializes in scrubbing data and diverting traffic when under DDoS attack. If the attack is lasting a relatively long time, direct your site to a hosted “We Are Down “ landing page for customers. Use the page to provide customers with alternative ways to reach your firm. This will bring confidence to your customers and save them the frustration of multiple unsuccessful attempts to reach your company online. Source: http://www.finracompliance.com/ddos-attacks-target-financial-firms-and-broker-dealers/

Continue reading here:
DDoS Attacks Target Financial Firms and Broker Dealers

DDoS Attacks Have Graduated to Extortion

There are things in this world that are far less enjoyable than having your website knocked offline to be certain. That being said, it can have a massive impact to your day or that of a company trying to make a living by selling their wares online. I remember early on one of the first large scale distributed denial of service (DDoS) attacks to launch was aimed at the White House. This was an attack that was expected at the time to be a withering assault that could reduce the White House website to a pile of molten “cyber” in the guise of what was dubbed a “virtual sit-in”. This took place in May 1998. There was concern at the time since this was not something that people had really given a lot of thought to at the time. But, in the end the web server had it’s IP address changed. It was that simple. The attackers had planned to attack not the domain name but, the IP address that was associated with the site. Simple presto change-o and the problem was fixed. These days it isn’t that simple to avoid becoming the victim of a distributed denial of service attack. There are different manner of DDoS attacks that can victimize a website. The vast majority of DDoS attacks are designed to overwhelm a site at the infrastructure level. The idea being to render the website and it’s resources unusable to the customers and the company or organization that run the site. This is cyber security equivalent of having a bully sit on your chest and say “stop hitting yourself, stop hitting yourself”. These type of attacks invariably lead to bragging on the part of the instigators. There seems to be an innate inability on the part of these attackers to keep their mouths shut. They seem to be incapable of just launching the attacks and want to be giving recognition for their endeavors. This frequently leads to them getting some press cycles and then a visit from the local constabulary. Assuredly not their desired outcome. This sort of media whoring plays well with much of the press as it provides a morbidly curious pubic with some level of insight into the instigators. When you drive by an accident on the side of the highway most of will slow down to look. It is human nature. So too is our apparent fascination with these attackers. What once began as an attacker defacing a website, later graduated to launching DDoS attacks. Now, those very attackers have demonstrated that they are no longer satisfied with press exposure. Now we see evidence of attacks being launched for money. Case in point is a crew that have been dubbed DD4BC for their pattern of launching attacks in a bid to collect bitcoin. We first saw them in 2014 when they ran trial run attacks against various websites. The curious point at the time was that they demanded a paltry sum from their victims. They were kicking the tires on their new machine. How this type of extortion attack would work is that they would launch a small burst of traffic against an intended victim and email them to ask them to look at their logs. This was a step to demonstrate that they were serious. The proverbial “look at my gun” approach that has worked for bank robbers for decades. The DD4BC crew would demand money and in the event the website operators failed to cave in to their demands they would launch their attack. As time progressed the cost to stop the attack would rise. I sincerely hope that no one has in fact paid the ransom that they demanded. This would only encourage them to launch more attacks. Also, for any site that would pay their demands this would provide them no guarantees that the attackers wouldn’t return to demand more money. Attackers have evolved with the times and so to should website operators. The need to have a web site that is designed to fail is clear. If you come under attack today, how will you scale? How will you defend your website? Telling them to go away or you will taunt them again simply won’t suffice. Source: http://www.huffingtonpost.com/dave-lewis2/ddos-attacks-have-graduat_b_7639516.html

More here:
DDoS Attacks Have Graduated to Extortion

Polish Planes Grounded After Airline Hit With DDoS Attack

Roughly 1,400 passengers were temporarily stranded at Warsaw’s Frederic Chopin airport over the weekend after hackers were purportedly able to modify an entire airline’s flight plans via a distributed denial of service (DDoS) attack. On Sunday someone was able to infiltrate the computer system of the Polish airline LOT and successfully cancel 10 of the carrier’s flights. A dozen other flights were reportedly delayed, according to Reuters. Many passengers were able to board the flights — destined for Munich, Hamburg, Dusseldorf, and Copenhagen, among other cities — later in the day and regular service was resumed Monday according to LOT spokesman Adrian Kubicki. The airline insists that at no point was the safety of any ongoing flights at risk, nor were any other airports affected, but stressed that the attack could be a sign of things to come. “We’re using state-of-the-art computer systems, so this could potentially be a threat to others in the industry,” Kubicki warned, adding that authorities were investigating the attack. LOT’s chief executive Sebastian Mikosz reiterated Kubicki’s sentiments in a press conference on Monday. “This is an industry problem on a much wider scale, and for sure we have to give it more attention,” Mikosz said, “I expect it can happen to anyone anytime.” Kubicki claimed the attack may have been the result of a distributed denial of service attack on Monday and that LOT experienced something he called “a capacity attack” that overloaded the airline’s network. While technical details around the incident have been scant, several security researchers agree it could be cause for alarm. Ruben Santamarta, a principal security consultant for IOActive has called the security of planes into question before and based on the statement given by LOT’s spokesman believes the airline may have fallen victim to a targeted attack. “Initially, it seems that flight’s plan couldn’t be generated which may indicate that key nodes in the back office were compromised,” Santamarta said Monday. “On the other hand the inability to perform or validate data loading on aircraft (including flight plans), using the standard procedures, should make us think of another attack vector, possibly against the ground communication devices.” Last summer at Black Hat Santamarta described how aircraft — including passenger jets – along with ships, oil rigs, and wind turbines could be compromised by exploiting its embedded satellite communications (SATCOM) equipment. Andrey Nikishin, Director of Future Technology Projects at Kaspersky Lab, believes there could be two stories behind the hack. The incident could’ve come as a result of human error, or an electrical or hard drive malfunction, Nikishin claims, or perhaps stem from a “more Hollywood style scenario” wherein the attack is a precursor to a bigger, more significant disruption. “Warsaw airport is fairly small compared to Schiphol (Amsterdam) or Heathrow (London) and, depending on the time of day, there are only around 11 flights taking off every hour. ” “What if the incident was just a training action or reconnaissance operation before a more massive cyber-attack on a much busier airport like Charles de Gaulle in Paris or JFK in New York?” Nikishin said. “Regardless of the reason and the threat actors, we can see how our life depends on computers and how vulnerable to cyber-threats national critical infrastructure objects have become.” Earlier this year security researcher Chris Roberts made headlines by getting removed from an American Airlines flight and questioned by the F.B.I. after he claimed he was able to compromise its onboard infrastructure. Roberts told the F.B.I. that he managed to hack into several planes’ in-flight entertainment systems nearly 20 times from 2011 to 2014 although most airlines have refuted these claims. Source: https://threatpost.com/polish-planes-grounded-after-airline-hit-with-ddos-attack/113412

AINA Brought Down By Massive DDoS Attack

AINA’s website was the target of a massive distributed denial of service attack (DDOS) which made the site unavailable for more than one week. The attack was launched on June 8 and continued until yesterday. The source of the attack is unknown. A DDOS attack floods a site with hundreds of thousands of requests, which overloads the system and forces it to shut down. The attack is launched from computers which have been infected with malware, without the knowledge of their owners. A DDOS attack is difficult to defend against because of the very nature of the internet. A website is by definition designed to respond to requests. Any website can be brought down by such an attack. Source: http://www.aina.org/news/20150617135759.htm

See original article:
AINA Brought Down By Massive DDoS Attack

Canadian Government Websites Inaccessible Following DDoS attack

Around 1:30 pm ET on Tuesday afternoon, Canadian government websites became inaccessible due to a denial-of-service attack, The Globe and Mail reported. The attack affected industry, employment, national resources, fisheries and oceans, justice, labor, foreign affaisr, environment and transportation related websites. A denial-of-service attack, sometimes called a DOS attack, occurs when hackers flood a website with traffic, essentially leaving it unusable to normal users hoping to browse the site. It is unclear why Canada’s government websites faced this attack or who the hackers are. Source: http://www.newsweek.com/canadian-government-websites-inaccessible-following-denial-service-attack-344002

Link:
Canadian Government Websites Inaccessible Following DDoS attack

DDoS Attack on Voat due to Reddit

Voat was just a small Reddit knock-off before last week — but now it’s becoming overloaded as people threaten to leave the bigger site So many people are leaving Reddit that its closest competitor crashed and had to ask for donations to stay up. Many users of the site protested and left when last week it banned five subreddits for harassment. And since, users have been making good on threats to leave the site — going instead to a Swiss clone of the site, Voat. That site look almost exactly the same as Reddit, and features many of the same communities. But it is committed to a rule of “no censorship” — previously Reddit’s attitude, but one that it has moved away from as it has attempted to reduce the harassment and abuse on the site. So many people have moved to the Swiss knock-off that it has been down entirely many times since the Reddit bans. In response, the site asked for donations in bitcoin to pay for extra technology to keep the site up. That doesn’t seem to have worked, and the site says that it is now under a distributed denial of service attack, where users send a flood of requests to a website to take it down. But despite the problems, the site now has more than twice as many users as it did late last mnth, according to the site’s Twitter account. It had over 96,000 registered users last night, it said — far from the 172 million unique visitors that went to Reddit in the last month, but up many times over recent weeks. Voat’s founder said that the site was “not ready for such a huge influx of new users” and that it hadn’t “prepared for such a large and sudden increase either”. “We are sorry to see Reddit change like this, in this way, in such an accelerated fashion,” Atko wrote. “We would have never anticipated such events.” Source: http://www.independent.co.uk/life-style/gadgets-and-tech/news/reddit-alternative-breaks-because-so-many-people-leave-site-after-harassment-scandal-10321474.html

Anonymous Hijacks Thousands of Insecure Routers to Power Its DDoS Tools

Lack of some elementary security measures can risk your router’s security and this has stemmed to grow into a large-scale denial-of-service (DDoS) attacks using these hacker-controlled routers. A web security firm Incapsula has discovered a new router based botnet Mr Black while investigating some DDoS attacks against its customers since this December. Hackers exploited routers’ negligent security measures to launch these attacks all over the world. According to this report published by the security firm, the routers made by Ubiquiti Networks had DDoS malware installed on them. The routers were not hacked due to some vulnerability in the hardware. Instead, it happened because of the deployment of the router in an insecure manner that exposed their management interfaces using the default credentials over SSH and HTTP. The routers that were inspected were found to have 4 versions of Mr Black, a DDoS program and altogether thirty-seven variations of Mr Black were detected. Other DDoS programs included DoFloo, Mayday and Skynet (a remote sensing tool). In some earlier versions of the report, Incapsula said that it believed that the hacktivist group Anonymous was one of the few groups those used the compromised routers. It is yet not clear that why Anonymous was highlighted in the report, but it is certain that few people who call themselves “Anonymous” were using the routers. The original article on the Daily Dot was edited to remove the fact that botnet directs to irc (dot) anonops (dot) com. Total 40,269 different IP addresses were detected from 1,600 ISPs spread across 109 countries. The main affected countries were Thailand (64%), Brazil (21%), United States (4%) and India (3%). To control these routers, 60 servers were hacked and majority of these were in China and the U.S. To save themselves from the DDoS attacks, users must make sure that their routers’ management interfaces aren’t exposed over HTTP or SSH to the internet. They can also use some tools available to scan their router’s IP for open ports and change their default login credentials. With inputs from Anon.hq Source: http://omdpatel.blogspot.tw/2015/06/anonymous-hijacks-thousands-of-insecure.html

DD4BC Shifts Focus to Businesses, Continues DDoS Attack

Cybercriminals and extortionists demanding Bitcoin as ransom is on the rise these days. Due to the easy of transfer and pseudonymity associated with Bitcoin transactions, it has become the currency of choice for them. We have been hearing about ransomware, hacking incidents where sensitive data is stolen from computers and even extortion by threatening to physically harm an individual, the only common factor in all these cases is the ransom, to be paid in Bitcoin. There is one such cybercriminal group called DD4BC who have made it a regular habit to launch Distributed Denial of Service (DDoS) attacks on the websites belonging to Scandinavian companies. Once they launch an initial DDoS attack, they will blackmail these companies to pay about 40 bitcoins to avoid further attacks on their IT infrastructure. In most cases, the group sends out emails to the targeted firm within hours of launching the first DDoS attack. These emails, demanding ransom in Bitcoins also promises the victims that it is a one-time thing and if they pay the ransom, DD4BC will not attack them again. DD4BC also claims in the mail that even though they do bad things, they are going to keep their word. It is surprising that the group which was targeting European banks and financial institutions all these days has suddenly shifted their target to businesses in Scandinavia. Recently DD4BC allegedly tried to extort money from Bitalo Bitcoin Exchange – 1 BTC in exchange for information on how to prevent DDoS attack. But the plan seemed to backfire when the CEO of the Exchange, Martin Albert announced a bounty of 100 BTC for information about the person/people behind DD4BC. Among the list of Bitcoin sites targeted by DD4BC includes CEX.io and Bitcoin sports book Nitrogen Sports. Recently an Australian company was hacked into by unidentified perpetrators. They allegedly stole sensitive data, asking for ransom. They have also threatened to harm family members of one of the top officials from that company. Source: http://www.livebitcoinnews.com/dd4bc-shifts-focus-to-businesses-continues-ddos-attack/

DDoS attacks are a growing digital threat to freedom of expression in Latin America

The media and Latin American journalists are starting to experience firsthand what until recently seemed to be the exclusive concern of US, European or Asian media outlets: cyberattacks.? This type of online criminal activity, known as Distributed Denial of Service (DDoS), is the other side of technological advances that aim to maximize flow of information online.? Cybercrime legislation is backward and broken in Latin America, where the lack of a culture of information security or economic resources of journalists and media outlets ensures that attacks are successful.? One of the most recent cases occurred in Mexico, where minutes after publishing an investigation about the alleged responsibility of federal police in extrajudicial executions of several young people in Apatzingan, a town in the state of Michoacan, the Aristegui Noticias site was out of services for hours, a victim of a DDoS attack.? The Knight Center for Journalism in the Americas consulted Robert Guerra, an expert on cyber security and Internet freedom, and Luis Horacio Najera, a Mexican journalist and expert in the field, on the consequences of these attacks for media companies.? “The main consequence of a cyber attack in the context of Latin America is the reduction of critical spaces that encourage debate or the exposure of misconduct and abuse of power, like corruption,” Guerra said. Guerra, founder of Privaterra, an organization based in Canada that advises private companies and NGOs on data privacy, believes that “any attack, whether cyber or physical, deteriorates freedom of expression and of the press in the country where it occurs.” In the context of countries like Mexico, where media workers are victims of assassinations, kidnappings and threats, this “silent war” on the Internet is presented as a new alarm when speaking about freedom of expression and of the press. Momentary “blackouts” of online media affect the flow of information, the legitimacy of the company and its journalists, and also cause adverse economics effects for the media companies which base their income in online advertising. “The attacks almost always occur as a result of some publication, that is to say they are more reactive than proactive,” Guerra said of the Latin American case. “The freedom of the press is vulnerable not only when a journalist is killed or a broadcaster is exploited.” In fact, in the 2014 Annual Report of the Special Rapporteur for Freedom of Expression of the Inter-American Commission on Human Rights (CIDH), at least four cases of these attacks on media in Mexico were reported. “With the changes in technology and ways of doing journalism, cyber attacks will become more frequent because they attack the legitimacy of the journalist, and also affect the publication of news. Therefore, all attacks and threats should be condemned with the same intensity,” Guerra added. In addition to clear legislation, the region also lacks information on how and where these attacks occur, as well as statistics on their targets and consequences. In 2000, one of the companies specializing in digital security solutions, Arbor Networks, joined Google Ideas (an Internet research and conflict solution implementation think tank) to create a map that tracks digital attacks happening around the world, in real time. The aim was to create a tool for identifying these anonymous attacks: What is the origin of the attack, its target, and the duration and type of attack? It also aimed to analyze trends. Looking at the map, you can see that the peak of the cyber attacks in Latin America happened in December 2014. “It’s very interesting to see that most of the attacks are concentrated in a few countries in the region and that they are the result of specific moments in those countries,” Guerra said. “In the case of Guatemala, a reason for the attacks may be that at that time people were discussing the results of the International Commission Against Impunity in Guatemala. In the case of Peru, the second round of December 2014 regional elections may have influenced events.” What is a DDoS attack? At the technical level, a DDoS attack occurs when millions of simultaneous requests are sent to a single server in order to make it collapse. It is a targeted, deliberate action using hundreds of connected computers to make a simultaneous attack.? In an interview with the Knight Center, Hector Jara, founder and director of Enfinity, a Panamanian cybersecurity and information safety management company, explained the concept with an analogy. “Imagine a highway where a few cars circulating at high speeds and the traffic is fluid. As you add more and more cars, the driving pace slows and traffic is less fluid. If we continue to add cars, you will reach a point where the highway is saturated and cannot meet the demand, and the cars will be stopped. The same thing happens with connections to a website. The number of connections that it can respond to is limited, and if it makes more and more connection, at some point it will be saturated. The more capacity the organization has, this is more difficult to achieve – we think of Google Facebook, among others – but the limit always exists.” Jara also explained how criminal organizations use other types of attacks – for example phishing – through which they infect computers of ordinary users. “These infected computers are known as zombies , and can be controlled and used by these organizations to launch other attacks, such as DDoS. In fact these organizations assemble networks of zombie computers (known as botnets ) that they then ‘rent’ for non-sanctioned purposes”. The cybersecurity expert said that in addition to political purposes and censorship attacks, other attacks are related to digital protest. For example, the term Hacktivism is a new form of protest increasingly being used. One of the latest examples of the use of technology as a means of social protest was during the removal of former President Fernando Lugo of Paraguay when attacks on public bodies were made and one of them closed access to the official website of the Presidency. Asked about possible actions against these attacks, Jara explained that “while we can design a communications architecture in a way that can protect against these attacks – for example there are technological tools such as Web Application Firewalls and services such as CloudFlare , which can mitigate the impact and in some cases completely limit it – by the nature of the attack, if those interested in launching the attack had enough resources and time, it is likely that the would force a site out of operation.” While in the United States DDoS attacks are considered crimes and are punishable under the penal code, this has not been shown to combat the situation. The question is what can legislation achieve regarding this issue. Experts agree that international cooperation is key to fighting cybercrime. In 2014, Mexico hosted the “Workshop on legislation on cybercrime in Latin America”, organized to support Latin American countries in developing legislation on cyber crime, in accordance with international standards proposed in the “Budapest Convention “. During the meeting, possible reforms to criminal law of the participating countries and constitutional reforms in telecommunications were debated. While Argentina, Chile, Colombia, Costa Rica, Mexico, Paraguay and Peru have expressed their interest in joining the treaty, Dominican Republic and Panama have already completed this process. “Most regional legislation concerning information security have been poorly, and in many cases have been motivated by local public security crisis,” said Guerra of Privaterra. “So, from the start, these are deficient laws that in many cases secretly seek to impact civil society through censorship and criminalization of social networking activity.” Guerra also said it is not possible to speak of general solutions in Latin America, but that “each region has its own dynamics, and accordingly, legislation should create or strengthen legal counter methods to give tools for protection to civil society. These tools should be autonomous and independent of government.” Meanwhile, Jara noted that while regulations should establish a legal framework that protects personal information and data, in the case of journalists, these professionals should take measures to protect such data. “Because of the work, they may be a target of criminal organizations and sometimes governments. If they also have blogs or personal pages, they should ensure the safety of them, as a vulnerable site also becomes the focus of attack, ” Jara said. Source: https://knightcenter.utexas.edu/blog/00-16118-ddos-attacks-are-growing-digital-threat-freedom-expression-latin-america